Sign-up

ID

VAR-201605-0017


CVE

CVE-2016-0878


TITLE

Moxa EDR-G903 Denial of Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-03391 // CNNVD: CNNVD-201605-433

DESCRIPTION

Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests. MoxaEDR-G903 is a set of firewall/VPN security router products from Moxa. There are security vulnerabilities in MoxaEDR-G903V3.4.11 and earlier. A privilege-escalation vulnerability 2. An information-disclosure vulnerability 3. A hard coded credentials authentication bypass vulnerability 4. A denial-of-service vulnerability 5. An arbitrary file download vulnerability An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or gain elevated privileges on the affected device. Other attacks are also possible. EDR-G903 3.4.11 and and prior are vulnerable

Trust: 2.52

sources: NVD: CVE-2016-0878 // JVNDB: JVNDB-2016-002953 // CNVD: CNVD-2016-03391 // BID: 90716 // VULHUB: VHN-88388

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-03391

AFFECTED PRODUCTS

vendor:moxamodel:edr-g903scope:ltversion:3.4.12

Trust: 1.0

vendor:moxamodel:edr-g903scope: - version: -

Trust: 0.8

vendor:moxamodel:edr-g903 seriesscope:ltversion:3.4.12

Trust: 0.8

vendor:moxamodel:edr-g903scope:gteversion:3.4.11

Trust: 0.6

vendor:moxamodel:edr-g903scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2016-03391 // JVNDB: JVNDB-2016-002953 // CNNVD: CNNVD-201605-433 // NVD: CVE-2016-0878

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0878
value: HIGH

Trust: 1.0

NVD: CVE-2016-0878
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-03391
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201605-433
value: HIGH

Trust: 0.6

VULHUB: VHN-88388
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-0878
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-03391
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-88388
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0878
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2016-0878
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-03391 // VULHUB: VHN-88388 // JVNDB: JVNDB-2016-002953 // CNNVD: CNNVD-201605-433 // NVD: CVE-2016-0878

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-88388 // JVNDB: JVNDB-2016-002953 // NVD: CVE-2016-0878

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-433

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201605-433

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-002953

PATCH
title:EDR-G903 シリーズurl:http://japan.moxa.com/product/EDR-G903.htm
Trust: 0.8
title:MoxaEDR-G903 denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/76249
Trust: 0.6
title:Moxa EDR-G903 Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61748
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-03391 // 
            
            
            
            JVNDB: JVNDB-2016-002953 // 
            
            
            
            CNNVD: CNNVD-201605-433

EXTERNAL IDS
db:NVDid:CVE-2016-0878
Trust: 3.4
db:ICS CERTid:ICSA-16-042-01
Trust: 3.1
db:JVNDBid:JVNDB-2016-002953
Trust: 0.8
db:CNNVDid:CNNVD-201605-433
Trust: 0.7
db:CNVDid:CNVD-2016-03391
Trust: 0.6
db:BIDid:90716
Trust: 0.3
db:VULHUBid:VHN-88388
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-03391 // 
            
            
            
            VULHUB: VHN-88388 // 
            
            
            
            BID: 90716 // 
            
            
            
            JVNDB: JVNDB-2016-002953 // 
            
            
            
            CNNVD: CNNVD-201605-433 // 
            
            
            
            NVD: CVE-2016-0878

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-042-01
Trust: 3.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0878
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0878
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2016-03391 // 
            
            
            
            VULHUB: VHN-88388 // 
            
            
            
            JVNDB: JVNDB-2016-002953 // 
            
            
            
            CNNVD: CNNVD-201605-433 // 
            
            
            
            NVD: CVE-2016-0878

CREDITS
Maxim Rupp
Trust: 0.9
sources:
            
            
            BID: 90716 // 
            
            
            
            CNNVD: CNNVD-201605-433

SOURCES
db:CNVDid:CNVD-2016-03391
db:VULHUBid:VHN-88388
db:BIDid:90716
db:JVNDBid:JVNDB-2016-002953
db:CNNVDid:CNNVD-201605-433
db:NVDid:CVE-2016-0878

LAST UPDATE DATE
2024-08-14T13:57:18.528000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-03391date:2016-05-23T00:00:00
db:VULHUBid:VHN-88388date:2016-05-31T00:00:00
db:BIDid:90716date:2016-07-06T14:43:00
db:JVNDBid:JVNDB-2016-002953date:2016-06-01T00:00:00
db:CNNVDid:CNNVD-201605-433date:2022-04-13T00:00:00
db:NVDid:CVE-2016-0878date:2022-04-12T18:05:06.787

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-03391date:2016-05-23T00:00:00
db:VULHUBid:VHN-88388date:2016-05-31T00:00:00
db:BIDid:90716date:2016-05-17T00:00:00
db:JVNDBid:JVNDB-2016-002953date:2016-06-01T00:00:00
db:CNNVDid:CNNVD-201605-433date:2016-05-18T00:00:00
db:NVDid:CVE-2016-0878date:2016-05-31T01:59:03.117